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DETAILED ACTION 

1. Claims 1-90, 127-152 are added. 

Specification 

2. The specification is objected to as failing to provide proper antecedent basis for 
the claimed subject matter. See 37 CFR 1.75(d)(1) and MPEP § 608.01 (o). Correction 
of the following is required: Claims 31-60 include a "processor". 

Claim Rejections - 35 USC § 101 

3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

Claims 31-60 , claims 61-90,129-138,145-152 are directed to non-statutory 

subject matter. 

Regarding claims 31-60, the claims include a processor. As the specification 
does not reference a processor, the Examiner has interpreted the processor as 
software. The claims are software per se and are therefore directed to non-statutory 
subject matter. 

Regarding claims 61-90, 129-138,145-152, the claims include a computer- 
readable memory medium. The specification ( paragraph 140 of the US Publication) 
indicates the computer-readable memory medium include but is not limited to a storage 
device (Figure 2, 211: hard disk). The computer-readable memory medium could 
therefore include other types of medium including signals and waves. The claims are 
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therefore software per se and are rejected as being directed to non-statutory subject 
matter. 

Claim Rejections - 35 USC § 102 

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent. 

Claims 1,6-7,10,31, 36-37,40,61,66-67,70 , 127-137, 139-140,142-147,149,151 are 
rejected under 35 U.S.C. 102(a) as being anticipated by US Patent Number 
7,072,944 issued to Chris Lalonde et al ("Lalonde"). 

As per claim 1 Lalonde anticipates: 

making a determination of the likelihood that a first a resource (e-mail) received from a 
first computer network is misrepresented as being from a trusted resource coupled to 
the first computer network (column 5, lines 9-44, as provides a confidence factor (1-10) 
confidence factor or warning or authenticity indicator to the recipient of the email). 
As per claim 6 same as claim arguments above and Lalonde anticipates: 
wherein the first resource is an electronic message and is misrepresented by content of 
the electronic message (column 5, lines 5-8, e-mail). 
As per claim 7 same as claim arguments above and Lalonde anticipates: 
wherein the content is an information entry field embedded in the electronic message 
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(column 3, lines 1-9, furnish confidential information such as furnish bank account 
information, credit card details). 

As per claim 10 same as claim arguments above and Lalonde anticipates: 

wherein the content is a source address of the electronic message (column 3, lines 60- 

col.4 lines 5, as FROM field indicates source address). 

As per claim 127 same as claim arguments above and Lalonde anticipates: 
wherein said determination is whether the first resource is from a trusted or untrusted 
source (col. 5, lines 23-44, as compare the purported sender with the actual originator 
and provide a confidence factor). 

As per claim 128 same as claim arguments above and Lalonde anticipates: 
wherein said determination is whether the first resource is from a trusted source , an 
untrusted source, or whether the source of the first resource is undetermined (col. 5, 
lines 23-44, as compare the purported sender with the actual originator and provide a 
confidence factor and, col. 6, lines 23-30 as untrusted source, col. 5, lines 33-43 as 
match confidence level and col.6, lines 35-40 as undetermined) ). 

As per claim 129 same as claim arguments above and Lalonde anticipates: 
categorize data received via an external network interface of the information handling 
system as to the likelihood of the received data spoofing its origin(column 5, lines 9-44, 
as provides a confidence factor (1-10) confidence factor or warning or authenticity 
indicator to the recipient of the email ). 
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As per claim 130 same as claim arguments above and Lalonde anticipates: 

wherein the received data is a web page or an electronic message, (column 5, lines 5-8, 

e-mail). 

As per claim 131 same as claim arguments above and Lalonde anticipates: 
wherein the received data is an e-mail message, and wherein the data is received via 
the lnternet(column 5, lines 5-8, e-mail). 

As per claim 132 same as claim arguments above and Lalonde anticipates: 
wherein the program instructions are executable to categorize the received data as 
spoofing its origin or not spoofing its origin (col.5, lines 23-44, as compare the purported 
sender with the actual originator and provide a confidence factor). 

As per claim 133 same as claim arguments above and Lalonde anticipates: 
wherein the program instructions are executable to categorize the received data as 
spoofing its origin, not spoofing its origin, or indeterminate as to whether the received 
data is spoofing its origin (col.5, lines 23-44, as compare the purported sender with the 
actual originator and provide a confidence factor and, col. 6, lines 23-30 as untrusted 
source, col. 5, lines 33-43 as match confidence level and col.6, lines 35-40 as 
undetermined) ). 
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As per claim 134 Lalonde anticipates: 

receive data from an external network coupled to the information handling system; 
analyze the received data to make a determination whether the received data indicates 
that it is from a first source coupled to the external network, but is actually from a 
second source coupled to the external network(column 5, lines 9-44, as provides a 
confidence factor (1-10) confidence factor or warning or authenticity indicator to the 
recipient of the email ). 

As per claim 135 same as claim arguments above and Lalonde anticipates: 
wherein the received data includes information indicating that it is from a source trusted 
by a user of the information handling system (column 6, lines 8-35, as FROM field and 
Received fields and the WHOIS database). 

As per claim 136 same as claim arguments above and Lalonde anticipates: 
wherein the received data is intended to cause the user to supply confidential 
information to a source other than the trusted source(column 3, lines 5-9, confidential 
information, bank account details). 

As per claim 137 same as claim arguments above and Lalonde anticipates: 

wherein the confidential information is financial information of the user(column 3, lines 

5-9, confidential information, bank account details). 
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As per claim 139 Lalonde anticipates: 

receiving data at a first computing device via a wide-area network, wherein the data 
includes information indicating that the origin of the received data is a first source that is 
known and trusted by a user of the first computing device and analyzing the received 
data to determine whether the origin of the received data is the first source(column 5, 
lines 9-44, as provides a confidence factor (1-10) confidence factor or warning or 
authenticity indicator to the recipient of the email and (column 6, lines 8-35, as FROM 
field and Received fields and the WHO IS database)). 
As per claim 140 same as claim arguments above and Lalonde anticipates: 
wherein the received data is a web page or a message(column 5, lines 5-8, e-mail). 

As per claim 142 same as claim arguments above and Lalonde anticipates: 
wherein the received data solicits confidential information from the user of the first 
computing device(column 3, lines 5-9, confidential information, bank account details). 

As per claim 143 same as claim arguments above and Lalonde anticipates: 
wherein said analyzing includes generating a score indicative of the likelihood that origin 
of the received data is the first source(column 5, lines 9-44, as provides a confidence 
factor (1-10) confidence factor or warning or authenticity indicator to the recipient of the 
email ). 

As per claim 144 Lalonde anticipates: 
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analyze a first web page received by the first computing device, wherein the first web 
page includes information indicating that the first web page originates from a first 
website and make a determination of the likelihood that the first web page is 
misrepresenting that it originates from the first website(column 5, lines 9-44, as provides 
a confidence factor (1-10) confidence factor or warning or authenticity indicator to the 
recipient of the email and (column 6, lines 8-35, as FROM field and Received fields and 
the WHOIS database)). 

As per claim 145 same as claim arguments above and Lalonde anticipates: 
wherein the first web page includes information indicating that it is from a website of a 
financial institution associated with a first user of the first computing device (col.3, lines 
1-10, bank account information). 



As per claim 146 same as claim arguments above and Lalonde anticipates: 
wherein the first web page includes fields for accepting confidential information of a first 
user of the first computing device information (column 3, lines 5-9, confidential 
information, bank account details). 

As per claim 147 same as claim arguments above and Lalonde anticipates: 
wherein the confidential information includes financial information (column 3, lines 5-9, 
bank account details). 
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As per claim 149 Lalonde anticipates: 

receive an electronic message that includes information indicating the electronic 
message originates from a first source and make a determination of the likelihood that 
the electronic message misrepresents that it originates from the first source(column 5, 
lines 9-44, as provides a confidence factor (1-10) confidence factor or warning or 
authenticity indicator to the recipient of the email ). 
As per claim 151 same as claim arguments above and Lalonde anticipates: 
wherein the electronic messages solicits the submission of confidential information from 
a user of the first computing device (col. 3, lines 5-9, confidential information). 

Claims 31,36-37,40,61,66-67,70 are rejected based on the same ration ale as claims 
1,6-7,10. 



Claim Rejections - 35 USC § 103 

5. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 



(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
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the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 2-5,8-9,11-27,32-35,62-65,141,148,150,152 are rejected under 35 U.S.C. 

103(a) as being unpatentable over US Patent Number 7,072,944 issued to Chris 

Lalonde et al ("Lalonde") and US 2004/00784242 issued to Christopher Newell 

Toomey ("Toomey"). 

As per claim 2 same as claim arguments above and Lalonde does not explicitly teach 
wherein the first resource is a web page and is misrepresented by content of the web 
page. Toomey does teach this limitation (paragraph 29, as 

It would have been obvious to one of ordinary skill in the art at the time of the invention 

was made to modify Lalonde with wherein the first resource is a web page and is 

misrepresented by content of the web page to prevent spoofers from obtaining user 

logins and passwords as described by Toomey (parg. 10). 

As per claim 3 same as claim arguments above and Lalonde teaches: 

wherein the content is an information entry field embedded in the web (col.4, lines 7-1 1 , 

as web gage request confidential information ) 

As per claim 4 same as claim arguments above and Lalonde teaches: 

wherein the web page is a first web page, and wherein the content is an address of a 

second web page (col.4, lines 7-1 1 , as web page) 

As per claim 5 same as claim arguments above and Toomey teaches: 

wherein the address is a hyperlink embedded in the first web page (parg. 15, as chain of 

hyperlinks). 
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As per claim 8 same as claim arguments above and Toomey teaches: 
wherein the content is an address of a web page (parg.15, hyperlinks). 
As per claim 9 same as claim arguments above and Toomey teaches: 
wherein the address is a hyperlink embedded in the electronic message (parg.15, 
message contains hyperlinks). 

As per claim 11 same as claim arguments above and Lalonde does not explicitly teach 
wherein the first resource is a web page. Toomey teaches this limitation at (parg. 17, as 
web page and parg. 29-35 as automated contextual analysis) to prevent spoofers from 
obtaining user logins and passwords as described by Toomey. It would have been 
obvious to one of ordinary skill in the art at the time the invention was made to modify 
Lalonde with the first resource is a web page to prevent spoofers from obtaining user 
logins and passwords as described by Toomey (parg. 10). 

As per claim 12 same as claim arguments above and Toomey teaches: 

wherein said making a determination includes analyzing an address of the web page 

(parg. 17, as web page and parg. 29-35 as automated contextual analysis) 

As per claim 13 same as claim arguments above and Toomey teaches: 
wherein the analyzing comprises: 

in response to determining that the address points to a known trusted web page, 
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making a determination that the web page is not misrepresented as being from a trusted 
resource (parg. 17, as web page and parg. 29-35 as automated contextual analysis) 

As per claim 14 same as claim arguments above and Toomey teaches: 
wherein the analyzing comprises in response to determining that the address points to a 
known mistrusted web page, making a determination that the web page is likely 
misrepresented as being from a trusted resource (parg. 17, as web page and parg. 29- 
35 as automated contextual analysis). 

As per claim 15 same as claim arguments above and Toomey teaches: 

wherein said making a determination includes analyzing a content of the web page 

(parg. 17, as web page and parg. 29-35 as automated contextual analysis) 

As per claim 16 same as claim arguments above and Lalonde teaches: 

the content includes a predetermined content (col.3, lines 5-9, confidential information, 

bank account information). 

As per claim 17 same as claim arguments above and Lalonde teaches: 

wherein the predetermined content is a request for financial information (col.3, lines 5- 

9, confidential information, bank account information). 

As per claim 18 same as claim arguments above and Lalonde teaches: 
wherein the financial information is information about a bank account(col.3, lines 5-9, 
confidential information, bank account information). 
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As per claim 19 same as claim arguments above and Lalonde teaches: 
the financial information is information about a credit card account(col.3, lines 5-9, 
confidential information, bank account information, credit card). 
As per claim 20 same as claim arguments above and Toomey teaches: 
wherein said making a determination includes analyzing a layout of the web page(parg. 
17, as web page and parg. 29-35 as automated contextual analysis). 
As per claim 21 same as claim arguments above and Toomey teaches: 
wherein the analyzing comprises in response to determining that the layout is similar to 
a layout of a known mistrusted web page, making a determination that the web page is 
likely misrepresented as being from a trusted source(parg. 17, as web page and parg. 
29-35 as automated contextual analysis). 

As per claim 22 same as claim arguments above and Toomey teaches wherein said 
making a determination includes analyzing layout of the web page at (parg. 17, as web 
page and parg. 29-35 as automated contextual analysis). 
As per claim 23 same as claim arguments above and Toomey teaches: 
wherein the web page is part of a website, and wherein analyzing the information 
comprises determining an age of the website (parg. 17, as web page and parg. 29-35 
as automated contextual analysis). 

As per claim 24 same as claim arguments above and Toomey teaches: 
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wherein the web page is part of a website, and wherein analyzing the information 
comprises determining a size of the website (parg. 17, as web page and parg. 29-35 as 
automated contextual analysis). 

As per claim 25 same as claim arguments above and Toomey teaches: 
the web page is part of a website, and wherein analyzing the information comprises 
determining a number of hyperlinks to the website by a known trusted source (parg. 17, 
as web page and parg. 29-35 as automated contextual analysis). 

As per claim 26 same as claim arguments above and Toomey teaches: 
wherein said making a determination includes outputting a signal to a computing system 
that hosts the web page, and analyzing the computing system's response thereto (parg. 
17, as web page and parg. 29-35 as automated contextual analysis). 

As per claims 27,57,87 same as claim arguments above and Toomey teaches: 
wherein said making a determination includes performing at least two of the following 
operations: 

analyzing an address of the web, analyzing a content of the web page, analyzing a 
layout of the web page, analyzing information associated with the web page, 
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and outputting information to a computer system hosting the web page and analyzing 
the computing system's response thereto, in response to the performed first set of 
operations, determining a score indicative of the likelihood that the first resource is 
misrepresented as being from a trusted resource (parg. 17, as web page and parg. 29- 
35 as automated contextual analysis). 

As per claims 28-30,58-60,88-90 are rejected based on the same rationale as claim 27 
,57,87 above. 

Claims 32-45,52-56,61-75,82-86 are rejected based on the same rationale as claims 2- 
15, 22-26 above. 

As per claim 138 same as claim arguments above and Lalonde does explicitly teach 
wherein the confidential information is login information of the user. Toomey teaches 
this ( at paragraph 18 as password) to prevent spoofers from obtaining user logins and 
passwords. It would have been obvious to one of ordinary skill in the art at the time of 
the invention was made to modify Lalonde with wherein the confidential information is 
login information of the user to prevent spoofers from obtaining user logins and 
passwords as described by Toomey (parg. 10). 

As per claim 141 same as claim arguments above and Lalonde does not explicitly 
teach wherein said analyzing includes determining whether the information contained 
within the received data is associated with the first source, and wherein the information 
includes ... an information layout. Toomey teaches wherein said analyzing includes 
determining whether the information contained within the received data is associated 
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with the first source, and wherein the information includes ... an information layout 
(parg. 17, as web page and parg. 29-35 as automated contextual analysis). It would 
have been obvious to one of ordinary skill in the art at the time of the invention was 
made to modify Lalonde with wherein said analyzing includes determining whether the 
information contained within the received data is associated with the first source, and 
wherein the information includes ... an information layout to prevent spoofers from 
obtaining user logins and passwords as described by Toomey (parg. 10). 
As per claim 148. same as claim arguments above and Lalonde does not explicitly 
teach wherein the confidential information includes logon information. Toomey does 
teach this limitation (at paragraph 18 as password). It would have been obvious to one 
of ordinary skill in the art at the time of the invention was made to modify Lalonde with 
wherein the confidential information includes logon information to prevent spoofers from 
obtaining user logins and passwords as described by Toomey (parg. 10). 

As per claim 150 same as claim arguments above and Toomey teaches: 

wherein the information includes one or more links to a website other than a website 

associated with the first source (paragraph 21,30, as series of navigated URLs) 

As per claim 152 same as claim arguments above and Toomey teaches: wherein the 
layout of the electronic message differs from messages originating from the first source. 
( parg. 29-35 as automated contextual analysis). 
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Claims 46-49, 76-79 are rejected based on the same rationale as claims 16-19. 
Claims 50-51, 80-81 are rejected based on the same rationale as claims 20-21 above. 



Response to Arguments 

6. Applicant's arguments with respect to claims 1-90, 127-152 have been 
considered but are moot in view of the new ground(s) of rejection. 

Conclusion 

7. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 

§ 706.07(a). Applicant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the date of this final action. 
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Contact Information 



8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Susan F. Rayyan whose telephone number is 571-272- 
1675. The examiner can normally be reached on M-F, 7:30-4:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Cottingham can be reached on 571-272-7079. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 




usan Rayyan 



February 15, 2008 
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